The ETSI Technical Committee on Cybersecurity has recently released two specifications on Attribute-Based Encryption (ABE) that describe how to protect personal data securely with fine-grained access controls.
ETSI has identified ABE as a key enabling technology for access control in highly distributed systems, such as 5G and the IoT. ABE is an asymmetric, multi-party cryptographic scheme that bundles access control with data encryption. In such a system, data can be decrypted only if the set of attributes of the user's key matches the attributes under which the data was encrypted.
For instance, access to employee pay data will be granted only to someone in the role of Human Resources Employee who works in the payroll department of a company and has been there for one year or more. Because ABE enforces access control at a cryptographic (mathematical) level, it provides better security assurance than software-based solutions. It is also space-efficient, since only one ciphertext is needed to cater for all access control needs of a given data set.